[英]How do I connect to an Oracle database using integrated pipeline mode with an ASP.Net application through IIS 7.5?
I have read that it is recommended to remove the username/password for database connection strings from the web.config file for an ASP.Net web application, and instead use an IIS application pool identity for authenticating access to the database. 我已经读到,建议从ASP.Net Web应用程序的web.config文件中删除数据库连接字符串的用户名/密码,而应使用IIS应用程序池标识来验证对数据库的访问。
While this is easy to do and a straightforward process for connecting to a Microsoft SQL Server database using an active directory service account, that's not the same, from the research that I have done on this question, for connecting to an Oracle database. 尽管这很容易做到,并且使用活动目录服务帐户连接到Microsoft SQL Server数据库的过程很简单,但是根据我对这个问题所做的有关连接到Oracle数据库的研究,这并不相同。
We can't figure out how to connect to an Oracle database using IIS 7.5 Integrated Managed Pipeline Mode. 我们无法弄清楚如何使用IIS 7.5集成托管管道模式连接到Oracle数据库。 We want to use integrated security because we don't want to include the Oracle database username and password in the connection string in the web.config file for the ASP.Net web site.
我们要使用集成安全性,因为我们不想在ASP.Net网站的web.config文件的连接字符串中包含Oracle数据库用户名和密码。
We also want to avoid creating the possibility for a malicious user to "spoof" a Windows account, giving them sys.admin access to Oracle if an Oracle database account is found that matches the Windows account. 我们还希望避免造成恶意用户“欺骗” Windows帐户的可能性,如果找到与Windows帐户匹配的Oracle数据库帐户,则使sys.admin对Oracle拥有访问权限。
What is the industry standard for connection to an Oracle database using integrated pipeline mode with an ASP.Net application through IIS 7.5? 通过IIS 7.5与ASP.Net应用程序使用集成管道模式连接到Oracle数据库的行业标准是什么?
How is this accomplished, in order to remove the Oracle database username and password from the web.config file? 为了从web.config文件中删除Oracle数据库用户名和密码,该如何完成?
Instead of figuring out connecting to an Oracle Database through IIS with integrated security (which I'm not sure of how to do or if it's possible), try an alternative. 可以尝试使用替代方法,而不是通过具有集成安全性的IIS(我不确定该怎么做或是否可能)通过IIS连接到Oracle数据库。
Instead of setting it in web.config, programmatically obtain the username/password from an encrypted file or secure web service 可以通过编程方式从加密文件或安全Web服务中获取用户名/密码,而不是在web.config中进行设置
Or encrypt the .config file itself. 或加密.config文件本身。 MSDN has some directions for that.
MSDN为此提供了一些指导 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.